测试 IRP 和 Dispatch Routine


下面是NT驱动demo

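#include "ntddk.h"

/*
 * Minimal legacy NT-style demo driver.
 *
 * It creates one named device object plus a DosDevices symbolic link, routes
 * a handful of major function codes to a single dispatch routine, and that
 * routine only prints the name of the IRP it received before completing it
 * with STATUS_SUCCESS. No user buffer is ever read or written.
 */

void MyUnload(PDRIVER_OBJECT pDriverObj);
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObj);
NTSTATUS MyDispatchRoutin(PDEVICE_OBJECT pDevObj, PIRP pIrp);

/*
 * Per-device state kept in the device extension so that MyUnload can find
 * the symbolic link that belongs to each device object.
 */
typedef struct _DEVICE_EX {
    PDEVICE_OBJECT pDev;          /* back pointer to the owning device object */
    UNICODE_STRING ustrDevName;   /* NT device name */
    UNICODE_STRING ustrLinkName;  /* symbolic link name visible to user mode */
} DEVICE_EX;

/*
 * Driver entry point: installs the unload routine and the dispatch table,
 * then creates the device object.
 *
 * Returns the status of CreateDevice(); a failure status makes the load fail.
 */
extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj,
                                PUNICODE_STRING pRegPath)
{
    /* Only the registry path is unused; pDriverObj is used below. */
    UNREFERENCED_PARAMETER(pRegPath);

    DbgPrint("Enter DriverEntry");

    /* Register the unload callback and the dispatch entry points. */
    pDriverObj->DriverUnload = MyUnload;
    pDriverObj->MajorFunction[IRP_MJ_CREATE] = MyDispatchRoutin;
    pDriverObj->MajorFunction[IRP_MJ_CLOSE] = MyDispatchRoutin;
    /*
     * Closing the last handle sends IRP_MJ_CLEANUP before IRP_MJ_CLOSE.
     * Without this entry the cleanup IRP never reaches the dispatch routine
     * and is therefore never logged.
     */
    pDriverObj->MajorFunction[IRP_MJ_CLEANUP] = MyDispatchRoutin;
    pDriverObj->MajorFunction[IRP_MJ_WRITE] = MyDispatchRoutin;
    pDriverObj->MajorFunction[IRP_MJ_READ] = MyDispatchRoutin;

    /* Create the device object and its symbolic link. */
    NTSTATUS status = CreateDevice(pDriverObj);

    DbgPrint("Enter DriverEntry End");
    return status;
}

/*
 * Creates the device object \Device\FUckFuck and the symbolic link
 * \DosDevices\MyLinkDevice that user mode opens as \\.\MyLinkDevice.
 *
 * Returns STATUS_SUCCESS, or the failing status of IoCreateDevice /
 * IoCreateSymbolicLink. On link failure the device object is deleted again,
 * so nothing is left behind.
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObj)
{
    UNICODE_STRING ustrDevName;
    UNICODE_STRING ustrLinkName;
    RtlInitUnicodeString(&ustrDevName, L"\\Device\\FUckFuck");
    RtlInitUnicodeString(&ustrLinkName, L"\\DosDevices\\MyLinkDevice");

    /*
     * DeviceCharacteristics is a ULONG flag mask, not a pointer, so NULL was
     * the wrong spelling of "no flags". FILE_DEVICE_SECURE_OPEN makes the I/O
     * manager apply the device object's security descriptor to every open
     * under the device's namespace as well (e.g. \\.\MyLinkDevice\anything).
     * Exclusive is a BOOLEAN, hence TRUE rather than the C++ keyword true.
     *
     * NOTE(review): the device still gets the default security descriptor.
     * A driver that exposes real functionality should create the device with
     * IoCreateDeviceSecure and an explicit SDDL string so that only the
     * intended callers can obtain a handle.
     */
    PDEVICE_OBJECT pDevObj = NULL;
    NTSTATUS status = IoCreateDevice(pDriverObj,
                                     sizeof(DEVICE_EX),
                                     &ustrDevName,
                                     FILE_DEVICE_UNKNOWN,
                                     FILE_DEVICE_SECURE_OPEN,
                                     TRUE,
                                     &pDevObj);
    if (!NT_SUCCESS(status)) {
        DbgPrint("IoCreateDevice failed");
        return status;
    }

    /*
     * Fill in the device extension. The UNICODE_STRING copies are shallow:
     * their Buffer members keep pointing at the string literals above.
     */
    DEVICE_EX *pDevEx = (DEVICE_EX *)pDevObj->DeviceExtension;
    pDevEx->pDev = pDevObj;
    pDevEx->ustrDevName = ustrDevName;
    pDevEx->ustrLinkName = ustrLinkName;

    status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName);
    if (!NT_SUCCESS(status)) {
        DbgPrint("IoCreateSymbolicLink failed");
        IoDeleteDevice(pDevObj);
        return status;
    }

    return STATUS_SUCCESS;
}

/*
 * Unload routine: walks the driver's device list and removes each device's
 * symbolic link and then the device object itself.
 */
void MyUnload(PDRIVER_OBJECT pDriverObj)
{
    DbgPrint("EnterDriverUnload");

    PDEVICE_OBJECT pNextDev = pDriverObj->DeviceObject;
    while (pNextDev != NULL) {
        PDEVICE_OBJECT pCurDev = pNextDev;
        DEVICE_EX *pDevEx = (DEVICE_EX *)pCurDev->DeviceExtension;

        /*
         * Read the successor first: the extension and the NextDevice field
         * both live in the object that is about to be deleted.
         */
        pNextDev = pCurDev->NextDevice;

        /* Remove the user-visible name before the device goes away. */
        IoDeleteSymbolicLink(&pDevEx->ustrLinkName);
        IoDeleteDevice(pCurDev);
    }

    DbgPrint("LeaveDriverUnload");
}

/*
 * Common dispatch routine for every registered major function code.
 *
 * Prints the name of the major function found in the current I/O stack
 * location, then completes the IRP with STATUS_SUCCESS and zero bytes
 * transferred. The request's buffers are never touched.
 */
NTSTATUS MyDispatchRoutin(PDEVICE_OBJECT pDevObj, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDevObj);

    DbgPrint("EnterDriverDispatchRoutin");

    /*
     * Indexed by the numeric IRP_MJ_* code, so the entries must stay in code
     * order (IRP_MJ_CREATE first, IRP_MJ_POWER last). The literals are
     * read-only, hence const.
     */
    static const char *const irpName[] = {
        "IRP_MJ_CREATE",
        "IRP_MJ_CREATE_NAMED_PIPE",
        "IRP_MJ_CLOSE",
        "IRP_MJ_READ",
        "IRP_MJ_WRITE",
        "IRP_MJ_QUERY_INFORMATION",
        "IRP_MJ_SET_INFORMATION",
        "IRP_MJ_QUERY_EA",
        "IRP_MJ_SET_EA",
        "IRP_MJ_FLUSH_BUFFERS",
        "IRP_MJ_QUERY_VOLUME_INFORMATION",
        "IRP_MJ_SET_VOLUME_INFORMATION",
        "IRP_MJ_DIRECTORY_CONTROL",
        "IRP_MJ_FILE_SYSTEM_CONTROL",
        "IRP_MJ_DEVICE_CONTROL",
        "IRP_MJ_INTERNAL_DEVICE_CONTROL",
        "IRP_MJ_SHUTDOWN",
        "IRP_MJ_LOCK_CONTROL",
        "IRP_MJ_CLEANUP",
        "IRP_MJ_CREATE_MAILSLOT",
        "IRP_MJ_QUERY_SECURITY",
        "IRP_MJ_SET_SECURITY",
        "IRP_MJ_POWER"
    };

    /* The current stack location carries the major function code. */
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
    UCHAR type = stack->MajorFunction;

    /* Bounds-check before indexing: codes above IRP_MJ_POWER have no entry. */
    if (type >= ARRAYSIZE(irpName))
        DbgPrint("no irpname");
    else
        DbgPrint("%s", irpName[type]);

    /* Completion status and number of bytes transferred. */
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;

    /* Hand the IRP back to the I/O manager; it must not be touched after this. */
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    DbgPrint("LeaveDriverDispatchRoutin");
    return STATUS_SUCCESS;
}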

下面是测试函数

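#include <windows.h>

/*
 * User-mode test client: opens the driver's symbolic link and closes it
 * again, which makes the I/O manager send the corresponding IRPs to the
 * driver.
 *
 * Returns 0 when the device could be opened, 1 otherwise.
 */
int main()
{
    /*
     * Opening the device triggers IRP_MJ_CREATE. The wide-character API is
     * named explicitly because the arguments are wide literals; the generic
     * CreateFile/MessageBox macros only accept them when UNICODE is defined.
     */
    HANDLE hFile = CreateFileW(L"\\\\.\\MyLinkDevice",
                               GENERIC_READ | GENERIC_WRITE,
                               0,
                               NULL,
                               OPEN_EXISTING,
                               FILE_ATTRIBUTE_NORMAL,
                               NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        MessageBoxW(NULL, L"failed", NULL, 0);
        /* Nothing was opened, so there is no handle to close. */
        return 1;
    }

    /* Closing the handle triggers IRP_MJ_CLEANUP and then IRP_MJ_CLOSE. */
    CloseHandle(hFile);
    return 0;
}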


下面是测试的结构:


注意:

必须先加载驱动并启动对应的服务,再运行测试程序;否则符号链接 \\.\MyLinkDevice 尚未创建,测试程序中的 CreateFile 会打开失败(返回 INVALID_HANDLE_VALUE)。



